Описание
ELSA-2017-0183: squid34 security update (MODERATE)
[7:3.4.14-9.4]
- Resolves: #1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
squid34
3.4.14-9.el6_8.4
Oracle Linux i686
squid34
3.4.14-9.el6_8.4
Oracle Linux sparc64
squid34
3.4.14-9.el6_8.4
Связанные CVE
Связанные уязвимости
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Incorrect processing of responses to If-None-Modified HTTP conditional ...
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.